At 3/4/17 06:05 AM, EDM364 wrote:
Huh. Wonder if instagram was affected. Some guy from Russia tried to log into my account. I wish there was a setting to only allow logins from a certain geographical area -- except it would just show up as an incorrect password and send me an email about it.
Interesting idea, though maybe difficult if you happen to have to travel, or use a VPN, or for some reason get perceived as being in a location other than the one you are in... and people could go via proxies to make it look like they're from another area than they are, too, though course if they don't know about the limitation that wouldn't be a problem...
IMO two-factor authorization seems like the best/easiest solution though. If all bigger sites could implement it, you could have phone-based verification for the most important accounts (like email), and then just email-based verification for everything else. Once per device so you don't have to keep doing it. Backup codes if for some reason something doesn't work. Seems pretty bulletproof.